undefined | Better HN

0 pointsrfmoz3mo ago0 comments

The reference of robots.txt offer a good way to define specific behavior for the whole domain, as example. Something like that for security could be enough for large amount of websites.

Also, a new header like “sec-policy: foo-url” may be a clean way to move away that definitions from the app+web+proxy+cdn mesh to a fixed clear point.

0 comments

rfmozOP3mo ago

I reply myself because I've found that idea already porposed:

"Origin policy was a proposal for a web platform mechanism that allows origins to set their origin-wide configuration in a central location, instead of using per-response HTTP headers." - https://github.com/WICG/origin-policy

But their status is "[On hold for now]" since, at least, three years ago.

zwnow3mo ago

These files are just ignored by everything. We dont need .txt files, we need good defaults.

j / k navigate · click thread line to collapse